The SANS Institute — a leading authority in cybersecurity research, education and certification — released its annual Top Attacks and Threats Report. This report provides insights into the evolving threat landscape, identifying the most prevalent and dangerous cyberattack techniques that organizations need to prepare for.

This year’s report also highlighted the main takeaways from the SANS keynote hosted at the annual conference. During the keynote presentation, five new cybersecurity attacks were identified and discussed by key SANS members along with suggested actions to address them.

The 5 most dangerous new attack techniques identified

The SANS Institute’s yearly RSA Conference presentation provides an in-depth analysis of the evolving cyber threat landscape. The goal is to help organizations understand the current tactics, anticipate future trends and proactively strengthen their defenses against these ever-evolving threats.

Below is a list of the five new attack techniques that were discussed at the conference, along with the necessary steps that should be taken:

1. AI-powered child sextortion

Heather Mahalik Barnhart, a SANS DFIR Curriculum Lead and Senior Director of Community Engagement at Cellebrite, led the discussion on the sensitive topic of AI-powered child sextortion. Barnhart explained how AI deepfakes have allowed malicious parties to create convincing images or videos of their victims without them ever having shared any compromising material.

The fear of having fabricated content shared online can lead victims to comply with extortionists’ demands, regardless of their validity. To combat this threat, Barnhart stresses the importance of awareness and education. Adults and children alike should be reminded not to talk to strangers online and to carefully consider their privacy settings when using social media.

In the unfortunate event that someone falls victim to sextortion, Barnhart reminds everyone that there are ways to help them get out of the situation. Resources like the National Center for Missing and Exploited Children’s “Take It Down” program and various support lines can assist in removing harmful content and providing necessary assistance.

2. Using generative AI to skew public perception

Terrence Williams, a SANS DFIR Certified Instructor and Security Engineer, spoke on the topic of generative AI and the challenges it is presenting in the approaching 2024 political elections. While technology has created new opportunities for innovating political campaigns, the use of deepfakes and targeted misinformation that it facilitates can severely erode public trust.

Williams mentioned that as AI progresses, adversaries are quickly gaining the upper hand, uncovering new vulnerabilities and launching attacks with greater efficiency. This urgent situation calls for proactive measures to address tech debt and strengthen security protocols, ensuring the protection of critical infrastructure.

Williams emphasizes the importance of collaboration between tech companies, political parties, academia and grassroots organizations to establish checks and balances, ensuring accountability on all levels.

3. AI LLMs hyper-accelerate exploitation lifecycles

Steve Sims, SANS Offensive Cyber Operations Curriculum Lead and Fellow, spoke about how AI and automation are beginning to significantly increase the capabilities of offensive cyber operations. Using tools like Shell GPT that integrate AI elements into command-line interfaces like PowerShell and CMD allows cyberattackers to automate their coding tasks even in areas where they don’t have enough expertise.

Sims highlighted that the core concern is the rapid pace at which AI allows vulnerabilities to be discovered and exploited, particularly with LLMs (Large Language Models). The ability to automate patch diffing, leverage threat intelligence and weaponize vulnerabilities fast and effectively is a major concern.

Sims also anticipates the emergence of sophisticated, multi-agent systems that can autonomously handle various stages of the attack lifecycle, potentially leveraging LLMs for decision-making and code generation. In answer to this, Sims emphasized the need to leverage automation and intelligence on the defensive side, suggesting a continuous loop of instrumentation, threat intelligence analysis and rule generation.

4. Exploitation of technical debt

Johannes Ullrich, Dean of Research at SANS Technology Institute, addressed the far-reaching consequences of technical debt on enterprise security. He emphasized how technical debt is becoming increasingly critical, affecting not only enterprise applications but also the security infrastructure itself.

Ullrich also drew attention to the evolution of programming languages and the challenges posed by legacy code. As developers retire and newer languages gain more popularity, organizations are left dealing with codebases written in languages like Perl that very few modern developers understand. This creates a significant vulnerability as it becomes increasingly difficult to maintain and secure these aging systems.

Ullrich argued that organizations can no longer afford to delay updates and fixes. He also advocated for a proactive approach to patching, highlighting the tendency of many developers to skip seemingly minor updates. These oversights can accumulate over time and create a significant technical debt burden when a major security vulnerability emerges.

5. Deepfakes complicating identity verification

During the keynote address, Ullrich also explored the implications of deepfakes on identity verification. He highlighted how the decreasing cost of creating convincing fake videos and audio is making it significantly harder for technologies to verify someone’s identity online.

He pointed out that using traditional human verification methods like CAPTCHAs is increasingly ineffective as machine learning systems surpass human capabilities in solving them. Instead, Ullrich stressed the importance of using a two-pronged approach to identity verification.

The initial identification, he argued, requires a substantial investment of time and resources to ensure accuracy. Subsequent interactions should rely on incremental authentication mechanisms to maintain security. The second part of the process deals with regulatory requirements, such as “Know Your Customer (KYC),” which is a set of procedures put in place to support anti-money laundering (AML) and counter-terrorism financing (CTF) rules.

Ullrich concluded by emphasizing the need for a risk-based approach to identity verification. Organizations need to assess the likelihood of breaches and the criticality of verifying each individual’s identity to determine the appropriate level of effort to invest in identity verification measures.

Looking forward

With each passing year, it becomes more important to remain vigilant in identifying new cyberattack methods and to stay up to date on effective mitigation strategies. With disruptive technologies continuing to be a critical factor in the scale and severity of modern-day cyber threats, industries will need to continue to adapt their security approaches while benefiting from the expertise and guidance of cybersecurity leaders and the organizations they represent.
